LibTomCrypt El Gamal Implementation Flaw Valid Signature Generation Vulnerability
BID:13473
Info
LibTomCrypt El Gamal Implementation Flaw Valid Signature Generation Vulnerability
| Bugtraq ID: | 13473 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 03 2005 12:00AM |
| Updated: | May 03 2005 12:00AM |
| Credit: | This issue was discovered by the vendor. |
| Vulnerable: |
LibTomCrypt LibTomCrypt 1.0.2 LibTomCrypt LibTomCrypt 1.0.1 LibTomCrypt LibTomCrypt 1.0 |
| Not Vulnerable: |
LibTomCrypt LibTomCrypt 1.0.3 |
Discussion
LibTomCrypt El Gamal Implementation Flaw Valid Signature Generation Vulnerability
LibTomCrypt is prone to a security vulnerability that exists in the signature generation functionality. The issue may be leveraged by an attacker to generate legitimate signatures without requiring a valid private key.
The vulnerability manifests due to a mathematical flaw in the LibTomCrypt implementation of the El Gamal signature algorithm.
This vulnerability exists in LibTomCrypt versions 1.02 and earlier.
LibTomCrypt is prone to a security vulnerability that exists in the signature generation functionality. The issue may be leveraged by an attacker to generate legitimate signatures without requiring a valid private key.
The vulnerability manifests due to a mathematical flaw in the LibTomCrypt implementation of the El Gamal signature algorithm.
This vulnerability exists in LibTomCrypt versions 1.02 and earlier.
Exploit / POC
LibTomCrypt El Gamal Implementation Flaw Valid Signature Generation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
LibTomCrypt El Gamal Implementation Flaw Valid Signature Generation Vulnerability
Solution:
The vendor reports that LibTomCrypt version 1.03 will be released on May 7, 2005, to address this issue.
Solution:
The vendor reports that LibTomCrypt version 1.03 will be released on May 7, 2005, to address this issue.
References
LibTomCrypt El Gamal Implementation Flaw Valid Signature Generation Vulnerability
References:
References:
- LibTomCrypt Homepage (LibTomCrypt)
- Secure Science Corporation Advisory CSA-056 (SSC Advisory Notice
)